59d0b3c9143fa50ccb91b216610efaa1141ea64944d2ebec803489c86159f274

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ac3a8e6a40da030174b5ff7e9bd4629.exe
Size

5.8MB
MD5

3ac3a8e6a40da030174b5ff7e9bd4629
SHA1

6dfd83ee27aa79d2df598709e45a43dff932ba9a
SHA256

59d0b3c9143fa50ccb91b216610efaa1141ea64944d2ebec803489c86159f274
SHA512

3c4b37b1be3e418fd83a7ac91c631c883ce8ae4d8e45945206261e32db577fabb2c15ff84b4ea96840a3f6a7e2f56de6a2028bd9c5527f33b9678478725c6f98
SSDEEP

98304:lK6EKW9ln4i/5Agg3gnl/IVUs1jePsA36t8wSIeQFBkdpqdgg3gnl/IVUs1jePs:AJJ9tOgl/iBiPTVJRQPkd6gl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2792	3ac3a8e6a40da030174b5ff7e9bd4629.exe

Executes dropped EXE 1 IoCs

pid	Process
2792	3ac3a8e6a40da030174b5ff7e9bd4629.exe

Loads dropped DLL 1 IoCs

pid	Process
2184	3ac3a8e6a40da030174b5ff7e9bd4629.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2184-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001226e-14.dat	upx
behavioral1/memory/2792-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001226e-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2184	3ac3a8e6a40da030174b5ff7e9bd4629.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2184	3ac3a8e6a40da030174b5ff7e9bd4629.exe
2792	3ac3a8e6a40da030174b5ff7e9bd4629.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2792	2184	3ac3a8e6a40da030174b5ff7e9bd4629.exe	28
PID 2184 wrote to memory of 2792	2184	3ac3a8e6a40da030174b5ff7e9bd4629.exe	28
PID 2184 wrote to memory of 2792	2184	3ac3a8e6a40da030174b5ff7e9bd4629.exe	28
PID 2184 wrote to memory of 2792	2184	3ac3a8e6a40da030174b5ff7e9bd4629.exe	28

C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe
"C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe
  C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe

Filesize
381KB

MD5
23d8a1b5205706ad2dc618329b9c7d54

SHA1
77555d44aa827dec32db7e9bdf79cce65b000319

SHA256
fb90c6e59d5771d1cf999f7129c0d3b23e328a0267c18ed1edb3d92e21e17465

SHA512
de1f570c9ad232b7582037f00690c1c6164957b9e7ca1afc5091ed00ccb600d0b7cb30ed51d997155dc4703ee236ef7260d3021af9dd6554ffb0fb98a18d6e76

Download Submit
\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe

Filesize
1.7MB

MD5
ef90a2c6265cd31f77f765d075c698d6

SHA1
7e0c3c8619d2d827c0ba36add4b6a08d7d649a71

SHA256
3fd8f1a53ee3a21f668749e1aaff70638e9688c05b8e7ab0ce2f4f69b7d1d605

SHA512
d8f38f99c4e5d0b0c917fa85c623194525a7b0030e2cc24a939c2c462b9a74a830aad1f5dc99d3a20086d1cf0681ad646573fb426d19e64e07ede3562c2e0d3b

Download Submit
memory/2184-13-0x0000000003E80000-0x000000000436F000-memory.dmp

Filesize
4.9MB

Download
memory/2184-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2184-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2184-2-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2184-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2792-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2792-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2792-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2792-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2792-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2792-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download